Overview

overview

7

Static

static

3

a40a193717...eb.exe

windows7-x64

7

a40a193717...eb.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/02/2024, 03:48

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    a40a1937177f72ee9eedb75f854460eb.exe

  • Size

    49KB

  • MD5

    a40a1937177f72ee9eedb75f854460eb

  • SHA1

    2d60a2cd90f0711d4d942575b3e838225e7182a9

  • SHA256

    f5787b6dc4284062043ee78f1eed5f8f3cd956e638f113c25af4960d8aeba4e4

  • SHA512

    6eb873049c46dff62be5f146ac9cb687e4daddd2b5d4f31ebaf3dba6d03c9be50147fd84a07bc6de019f11bc148054222bb3f9b3d81622d0cebe12c31d20b18d

  • SSDEEP

    1536:V6QFElP6n+gMQMOtEvwDpjeJQ7pojakll:V6a+pOtEvwDpj2

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a40a1937177f72ee9eedb75f854460eb.exe
    "C:\Users\Admin\AppData\Local\Temp\a40a1937177f72ee9eedb75f854460eb.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3156
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:3024

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\asih.exe
          Filesize

          49KB

          MD5

          e4385655c064245a8f704aa181b418b6

          SHA1

          31f4f3a240d50062f110bda38ec89689b367d056

          SHA256

          d177e481a6b0575e71572bc364206e207c353c089eec5697fcda41515daa92d1

          SHA512

          b275adc77fb80cac5494ec72792c0d0640f04479120ac969059d206e5d812755a21130af4aad05131cf440f93f726dfd9840f1890ca66e52176c0f8f072d437d

          Download Submit

        • memory/3024-17-0x00000000004F0000-0x00000000004F6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/3024-19-0x00000000004D0000-0x00000000004D6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/3156-0-0x00000000005B0000-0x00000000005B6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/3156-1-0x00000000005B0000-0x00000000005B6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/3156-2-0x00000000005D0000-0x00000000005D6000-memory.dmp

          Filesize

          24KB

          Download